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CLAIMS 

What is claimed is: 

1. A key distribution method applied in the Next Generation Network comprising a 
terminal, a soft switch and an authentication center, comprising: 

5 the terminal sending a registration request message to the soft switch for a 

registration; 

the soft switch sending the authentication request message to the authentication 
center for the authentication for the terminal; and 

the authentication center authenticating the terminal, generating a session key for 
10 the terminal and the soft switch, and upon a successful registration authentication, sending the 
session key to the soft switch so as to be distributed to the terminal. 

2. The key distribution method according to claim 1, wherein the step of the 
authentication center authenticating the terminal comprises: 

the authentication center generating a first verification word for the terminal 
1 5 according to a key Kc shared with the terminal, encrypting the session key with the shared key 
Kc, and returning the encrypted session key and the first verification word to the soft switch; 

the soft switch returning a registration failure response message to the terminal to 
notify the terminal of a registration failure; 

the terminal generating a second verification word according to the key Kc shared 
20 with the authentication center, and sending a registration message containing the second 
verification word to the soft switch for a registration again; and 

the soft switch authenticating the terminal according to the first verification word 
and the second verification word. 

3. The key distribution method according to claim 2, wherein the step of the soft 
25 switch distributing the session key to the terminal comprises: 

the soft switch returning to the terminal a registration success response message 
containing the session key encrypted with the shared key Kc, and sending a terminal 
authentication success message to the authentication center; and 

the terminal decrypting the session key encrypted by the authentication center 
30 according to the shared key Kc. 

4. The key distribution method according to claim 3, wherein the method further 
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comprises: 

the terminal sending to the soft switch a list of security mechanisms supported by 
the terminal and priority information of each security mechanism; 

the soft switch choosing an appropriate security mechanism for communication 
5 according to the list of security mechanisms and the priority information of each security 
mechanism of the terminal. 

5. The key distribution method according to claim 1, 

wherein the registration request message and the registration message are SIP 
protocol registration messages, the registration failure response message is a SIP protocol 
1 0 response message, and the registration success response message is a SIP protocol registration 
request success message; or 

wherein the registration request message is a system restart message and a 
corresponding response message in the MGCP protocol, the registration failure response 
message and the registration success response message are a notification request message and 
15 a corresponding response message in the MGCP protocol, and the registration message 
comprises a notification message and a corresponding response message in the MGCP 
protocol; or 

wherein the registration request message comprises a system service status change 
message and a corresponding response message in the H.248 protocol, the registration failure 
20 response message and the registration success response message are an attribute modification 
message and a corresponding response message in the H.248 protocol, and the registration 
message comprises a notification message and a corresponding response message in the 
H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the 
25 H.323 protocol, the registration failure response message is a gatekeeper rejection message in 
the H.323 protocol, the registration message is a registration request message in the H.323 
protocol, and the registration success response message is a registration success message in 
the H.323 protocol. 

6. The key distribution method according to claim 2, 

30 wherein the registration request message and the registration message are SIP 

protocol registration messages, the registration failure response message is a SIP protocol 
response message, and the registration success response message is a SIP protocol registration 
request success message; or 

wherein the registration request message is a system restart message and a 
35 corresponding response message in the MGCP protocol, the registration failure response 
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message and the registration success response message are a notification request message and 
a corresponding response message in the MGCP protocol, and the registration message 
comprises a notification message and a corresponding response message in the MGCP 
protocol; or 

5 wherein the registration request message comprises a system service status change 

message and a corresponding response message in the H.248 protocol, the registration failure 
response message and the registration success response message are an attribute modification 
message and a corresponding response message in the H.248 protocol, and the registration 
message comprises a notification message and a corresponding response message in the 
10 H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the 
H.323 protocol, the registration failure response message is a gatekeeper rejection message in 
the H.323 protocol, the registration message is a registration request message in the H.323 
protocol, and the registration success response message is a registration success message in 
15 the H.323 protocol. 

7. The key distribution method according to claim 3, 

wherein the registration request message and the registration message are SIP 
protocol registration messages, the registration failure response message is a SIP protocol 
response message, and the registration success response message is a SIP protocol registration 
20 request success message; or 

wherein the registration request message is a system restart message and a 
corresponding response message in the MGCP protocol, the registration failure response 
message and the registration success response message are a notification request message and 
a corresponding response message in the MGCP protocol, and the registration message 
25 comprises a notification message and a corresponding response message in the MGCP 
protocol; or 

wherein the registration request message comprises a system service status change 
message and a corresponding response message in the H.248 protocol, the registration failure 
response message and the registration success response message are an attribute modification 
30 message and a corresponding response message in the H.248 protocol, and the registration 
message comprises a notification message and a corresponding response message in the 
H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the 
H.323 protocol, the registration failure response message is a gatekeeper rejection message in 
35 the H.323 protocol, the registration message is a registration request message in the H.323 
protocol, and the registration success response message is a registration success message in 
the H.323 protocol. 



19 



Attorney Docket No. 14565.0013USWO 
Substitute Specification 

8. The key distribution method according to claim 4, 

wherein the registration request message and the registration message are SIP 
protocol registration messages, the registration failure response message is a SIP protocol 
response message, and the registration success response message is a SIP protocol registration 
5 request success message; or 

wherein the registration request message is a system restart message and a 
corresponding response message in the MGCP protocol, the registration failure response 
message and the registration success response message are a notification request message and 
a corresponding response message in the MGCP protocol, and the registration message 
10 comprises a notification message and a corresponding response message in the MGCP 
protocol; or 

wherein the registration request message comprises a system service status change 
message and a corresponding response message in the H.248 protocol, the registration failure 
response message and the registration success response message are an attribute modification 
15 message and a corresponding response message in the H.248 protocol, and the registration 
message comprises a notification message and a corresponding response message in the 
H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the 
H.323 protocol, the registration failure response message is a gatekeeper rejection message in 
20 the H.323 protocol, the registration message is a registration request message in the H.323 
protocol, and the registration success response message is a registration success message in 
the H.323 protocol. 

9. A key distribution method applied in the Next Generation Network comprising a 
terminal, a signaling proxy, a soft switch and an authentication center, comprising: 

25 the terminal sending a registration request message through the signaling proxy to 

the soft switch for a registration; 

the soft switch sending the authentication request message to the authentication 
center for the authentication for the terminal; and 

the authentication center authenticating the terminal, generating a session key for 
30 the terminal and the signaling proxy, and upon a successful registration authentication, 
sending the session key to the soft switch so as to be distributed through the signaling proxy 
to the terminal. 

10. The key distribution method according to claim 9, wherein the step of the 
authentication center authenticating the terminal comprises: 

35 the authentication center generating a first verification word for the terminal 
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according to a key Kc shared with the terminal and a key Ksp shared with the signaling proxy, 
encrypting the session key respectively with the shared key Kc and the shared key Ksp, and 
returning the encrypted session key and the first verification word to the soft switch; 

the soft switch returning a registration failure response message through the 
5 signaling proxy to the terminal to notify the terminal of a registration failure; 

the terminal generating a second verification word according to the key Kc shared 
with the authentication center, and sending a registration message containing the second 
verification word to the signaling proxy to be forwarded to the soft switch for a registration 
again; and 

1 0 the soft switch authenticating the terminal according to the first verification word 

and the second verification word. 

11. The key distribution method according to claim 10, wherein the step of the soft 
switch distributing the session key to the terminal comprises: 

the soft switch forwarding to the signaling proxy a terminal registration success 
15 response message containing the session key encrypted by the authentication center 
respectively with the shared keys Kc and Ksp, and the signaling proxy decrypting with the 
shared key Ksp the session key encrypted by the authentication center with the shared key 
Ksp, calculating a message verification word for the registration success response message 
with the decrypted session key, and forwarding to the terminal the registration success 
20 response message containing the message verification word and the session key encrypted 
with the shared key Kc; and 

the terminal decrypting the session key encrypted by the authentication center 
according to the shared key Kc, and authenticating with the decrypted session key the 
message authentication word of the message returned from the signaling proxy so as to 
25 authenticate an identity of the signaling proxy, an integrity of the message and whether 
security mechanism parameters of the terminal returned from the signaling proxy are correct. 

12. The key distribution method according to claim 11, wherein the method further 
comprises: the terminal sending to the signaling proxy a list of security mechanisms supported 
by the terminal and priority information of each security mechanism, and the signaling proxy 

30 choosing an appropriate security mechanism for communication according to the security 
mechanisms supported by the terminal and the priority information of each security 
mechanism. 

13. The key distribution method according to claim 9, 

wherein the registration request message and the registration message are SIP 
35 protocol registration messages, the registration failure response message is a SIP protocol 
response message, and the registration success response message is a SIP protocol registration 
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request success message; or 

wherein the registration request message comprises a system restart message and a 
corresponding response message in the MGCP protocol, the registration failure response 
message and the registration success response message are a notification request message and 
5 a corresponding response message in the MGCP protocol, and the registration message 
comprises a notification message and a corresponding response message in the MGCP 
protocol; or 

wherein the registration request message comprises a system service status change 
message and a corresponding response message in the H.248 protocol, the registration failure 
10 response message and the registration success response message are an attribute modification 
message and a corresponding response message in the H.248 protocol, and the registration 
message comprises a notification message and a corresponding response message in the 
H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the 
15 H.323 protocol, the registration failure response message is a gatekeeper rejection message in 
the H.323 protocol, the registration message is a registration request message in the H.323 
protocol, and the registration success response message is a registration success message in 
the H.323 protocol. 

14. The key distribution method according to claim 10, 

20 wherein the registration request message and the registration message are SIP 

protocol registration messages, the registration failure response message is a SIP protocol 
response message, and the registration success response message is a SIP protocol registration 
request success message; or 

wherein the registration request message comprises a system restart message and a 
25 corresponding response message in the MGCP protocol, the registration failure response 
message and the registration success response message are a notification request message and 
a corresponding response message in the MGCP protocol, and the registration message 
comprises a notification message and a corresponding response message in the MGCP 
protocol; or 

30 wherein the registration request message comprises a system service status change 

message and a corresponding response message in the H.248 protocol, the registration failure 
response message and the registration success response message are an attribute modification 
message and a corresponding response message in the H.248 protocol, and the registration 
message comprises a notification message and a corresponding response message in the 

35 H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the 
H.323 protocol, the registration failure response message is a gatekeeper rejection message in 
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the H.323 protocol, the registration message is a registration request message in the H.323 
protocol, and the registration success response message is a registration success message in 
the H.323 protocol. 

15. The key distribution method according to claim 11, 

5 wherein the registration request message and the registration message are SIP 

protocol registration messages, the registration failure response message is a SIP protocol 
response message, and the registration success response message is a SIP protocol registration 
request success message; or 

wherein the registration request message comprises a system restart message and a 
10 corresponding response message in the MGCP protocol, the registration failure response 
message and the registration success response message are a notification request message and 
a corresponding response message in the MGCP protocol, and the registration message 
comprises a notification message and a corresponding response message in the MGCP 
protocol; or 

1 5 wherein the registration request message comprises a system service status change 

message and a corresponding response message in the H.248 protocol, the registration failure 
response message and the registration success response message are an attribute modification 
message and a corresponding response message in the H.248 protocol, and the registration 
message comprises a notification message and a corresponding response message in the 

20 H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the 
H.323 protocol, the registration failure response message is a gatekeeper rejection message in 
the H.323 protocol, the registration message is a registration request message in the H.323 
protocol, and the registration success response message is a registration success message in 
25 the H.323 protocol. 

16. The key distribution method according to claim 12, 

wherein the registration request message and the registration message are SIP 
protocol registration messages, the registration failure response message is a SIP protocol 
response message, and the registration success response message is a SIP protocol registration 
30 request success message; or 

wherein the registration request message comprises a system restart message and a 
corresponding response message in the MGCP protocol, the registration failure response 
message and the registration success response message are a notification request message and 
a corresponding response message in the MGCP protocol, and the registration message 
35 comprises a notification message and a corresponding response message in the MGCP 
protocol; or 
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wherein the registration request message comprises a system service status change 
message and a corresponding response message in the H.248 protocol, the registration failure 
response message and the registration success response message are an attribute modification 
message and a corresponding response message in the H.248 protocol, and the registration 
5 message comprises a notification message and a corresponding response message in the 
H.248 protocol; or 

wherein the registration request message is a gatekeeper request message in the 
H.323 protocol, the registration failure response message is a gatekeeper rejection message in 
the H.323 protocol, the registration message is a registration request message in the H.323 
10 protocol, and the registration success response message is a registration success message in 
the H.323 protocol. 

17. A key distribution system applied in the Next Generation Network comprising: 

a terminal adapted to send a registration request message for a registration; 

a soft switch adapted to receive and forward the authentication request message sent 
1 5 from the terminal for the authentication for the terminal; and 

an authentication center adapted to receive the authentication request message 
forwarded from the soft switch, to authenticate the terminal, to generate a session key for the 
terminal and the soft switch, and to send, upon a successful registration authentication, the 
session key to the soft switch so as to be distributed to the terminal. 

20 1 8. A key distribution system applied in the Next Generation Network comprising: 

a terminal adapted to send a registration request message for a registration; 

a signaling proxy adapted to enable the terminal to send the registration request 
message therethough; 

a soft switch adapted to receive and forward the authentication request message sent 
25 from the terminal through the signaling proxy for the authentication for the terminal; and 

an authentication center adapted to receive the authentication request message 
forwarded from the soft switch, to authenticate the terminal, to generate a session key for the 
terminal and the signaling proxy, and to send, upon a successful registration authentication, 
the session key to the soft switch so as to be distributed through the signaling proxy to the 
30 terminal. 
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